A Mac virus built to gaslight the AI hunting it
SentinelOne documented a new macOS backdoor it calls Gaslight, attributed with high confidence to a North Korean-linked group. It is a Rust info-stealer, but the novel part is anti-analysis: the binary carries 38 fake error messages, fabricated crash reports, memory dumps and security alerts, written as prompt injection to make AI-assisted analysis tools doubt their own session and abort, truncate, or refuse the work. SentinelOne did not prove it defeats any specific platform, but it shows attackers now aiming at the AI analyst, not just the sandbox.
Source: BleepingComputer · SentinelOne, 25 Jun 2026
My take
Two things land here at once. One: the malware is now writing fake error messages to make the AI analyst doubt itself and walk away. The target is not the sandbox. It is the reviewer's confidence. Prompt injection, aimed at your tooling.
Two, and this is the one I lived this week. I audited an organisation in Brussels that told me, straight-faced, that they had never heard of a virus on Apple, so they run no antivirus and no log centralisation on those machines. This is a North Korean backdoor for macOS. The myth that Macs are safe is exactly how you end up blind on the devices an attacker wants most.
Endpoint protection and centralised logs are not Windows things. They are everywhere-you-have-endpoints things. If you cannot see it, you cannot defend it, whatever the logo is on the lid.
A 10-million-install ad blocker, one switch from hijacking your browser
Researchers at Island found that Adblock for YouTube, a Chrome extension with more than 10 million installs and a Featured badge, carries the machinery for arbitrary JavaScript execution on any site, switchable on by a single server-side change, with no extension update and no store review. Despite the name, it runs on every page you visit, and its youtube.com safety check is trivially bypassed by putting that string anywhere in a URL. There is no proof a malicious payload has shipped, but the capability is dormant, not absent, and the extension shares lineage with others already pulled for malware.
Source: The Hacker News · Island research, 25 Jun 2026
My take
Ten million installs. A Featured badge. The kind of extension nobody thinks twice about. And one server-side switch away from reading every page you open and acting as you inside your admin panels.
No one is too big to fail, and no install count is a security review. Popularity is not trust. A badge is not an audit. The capability sat there dormant, which means the safe version and the dangerous version are the same download.
Treat browser extensions like the privileged software they are. They see everything you see. Inventory them, justify each one, and remove the ones nobody can explain. The ad blocker running on your banking tab was never free.
A code of ethics for CISOs, and it shouldn't stop there
On the Dark Reading Confidential podcast, longtime security leader Robert "RSnake" Hansen revived his case for a CISO code of ethics. The targets: kickbacks, no-show consulting deals, and shelfware bought for reasons that have nothing to do with security. His argument is that a CISO's purchasing power, left undisclosed, can quietly serve interests other than the company's, and that in security the fallout reaches past one budget and into national security. The fix he keeps returning to is unglamorous: disclose everything to your leadership, and let them judge the conflict.
Source: Dark Reading · Dark Reading Confidential, 24 Jun 2026
My take
Yes. And it should not stop at CISOs. Extend it to everyone working in security, and everyone trying to enter the field.
Here is the part the conversation circles, and I will say it flat. I can teach you the techniques. The frameworks, the audits, the exploit chains, the controls, all of it. I cannot teach you integrity. That you bring, or you do not.
The whole code of ethics, stripped down, is one habit: disclose. Tell your leadership what you are getting and from whom, and let them judge. The people who will not do that are telling you something. Believe them.
The market just admitted AI won't replace your pentester
A new report from pentest firm Cobalt captures a sharp mood shift. In 2025, nearly three in ten security professionals believed fully autonomous AI could meet their security-testing needs. In 2026, after a year of real use, that fell to nine percent. The tools have blind spots, generate false positives, and 78 percent of companies say automation missed significant vulnerabilities. The model practitioners now trust is human-in-the-loop: let the agent do relentless breadth and a first pass, let an experienced human do the depth and the judgment. Long term, more autonomy is expected. Today, the human is still the difference.
Source: Dark Reading · Cobalt report, 26 Jun 2026
My take
Agreed, and I have a fresh receipt. I asked a pentest firm to go at my own vibe-coded application. Hello Cresco.be and Waked. I had already run plenty of passes with LLMs and AI-assisted tooling first.
They found things the AI and the LLM did not. Real issues, missed by the machine. Good job, and kudos. The hype told us autonomous AI would replace the pentester this year. The market just revised that from twenty-nine percent down to nine.
I use AI every day and it makes me faster. But faster is not the same as done. The breadth is the machine's. The judgment is still a person's. Anyone selling you full autonomy today is selling you the false negatives you will not hear about until it is too late.
Washington pulled the most powerful AI, then chose who gets it back
Two moves, one picture. After a US export-control directive citing national security and a claimed jailbreak, Anthropic abruptly disabled its most capable models, Fable 5 and Mythos 5, for all foreign nationals, then, about two weeks later, was permitted to restore limited access to roughly 100 vetted critical-infrastructure organisations. Anthropic disputes the basis, calling the cited technique a narrow jailbreak that is available in other models too. Days later, OpenAI previewed GPT-5.6 Sol, its most capable cyber model, only to a small set of government-approved partners. A new US executive order sets up a framework to designate "covered frontier models" with advanced cyber capability.
Source: The Hacker News · US directive; plus OpenAI GPT-5.6 Sol, Jun 2026
My take
Step back from the cybersecurity detail and look at the shape of it. The most powerful AI on the planet is now something a government switches off and on. Pulled for foreign nationals overnight. Returned, two weeks later, to a hand-picked hundred. Previewed only to approved partners.
Here is my read, and it is an opinion, not a fact. For those of us outside the US, access to frontier AI has quietly become a license that Washington grants and can revoke. That is a sovereignty question, not a tech one. If your roadmap, your tooling, or your security programme assumes a specific American model will always be there, you are building on rented ground.
I am not telling you which model to run. I am telling you to know whose permission your stack depends on, and to keep a second option that does not need it. Digital sovereignty stopped being a conference panel this month. It became a procurement decision.